Bruno Wolff III said: > On Mon, May 17, 2004 at 18:00:48 -0400, > Andrew Dunstan <[EMAIL PROTECTED]> wrote: >> >> But what we listen to relates to the destination address of the >> packets, not the source address ... > > There still is some small risk. If you OS doesn't reject packets > destined for 127.*.*.* that don't come from the loopback interface, it > is possible for someone on your local network to at least do a blind > spoofing attack, possibly they might also be able to get replies back > as well.
For some value of "small" approaching 0 :-) . The default configuration will only allow localhost-localhost connections (via the combination of the default listening_addresses value and the default pg_hba.conf settings). So to spoof it successfully you would have to be able to get the host to accept a nonlocal packet addressed to localhost AND get it to route the reply addressed to localhost to your nonlocal machine. If you have such an insecure OS you should - throw it in the bin and get another with a sane network stack, and - in the meantime set listening_addresses to "" to turn of TCP altogether. But then PostgreSQL is likely to be the least of your problems, I suspect. Bear in mind that behaviour has not changed at all really, only *which* behaviour is the default. cheers andrew ---------------------------(end of broadcast)--------------------------- TIP 9: the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match